Tag: MS12-079

Microsoft has release, the 11 December 2012, during his December Patch Tuesday, two updated security advisories and seven security bulletins. On the seven security bulletins five of them has a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. Update KB2785605 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB12-27.

Microsoft Security Advisory 2749655

MSA-2749655, release during October 2012, has been updated. The security advisory is regarding “Compatibility Issues Affecting Signed Microsoft Binaries” and the update added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060 to the list of available rereleases.

MS12-077 – Cumulative Security Update for Internet Explorer

MS12-077security update, classified as Critical, allowing remote code execution, is the fix for three privately reported vulnerabilities. CVE-2012-4781 has a 0.0 CVSS base score (surely an error) and was discovered and privately reported by Rosario Valotta. CVE-2012-4782 has a 10.0 CVSS base score and was discovered and privately reported by Rosario Valotta. CVE-2012-4787 has a 10.0 CVSS base score and was discovered and privately reported by Fermin J. Serna of Google Inc.

MS12-078 security update, classified as Critical, allowing remote code execution, is fixing two vulnerabilities. CVE-2012-2556 has a 9.3 CVSS base score and was publicly disclosed. CVE-2012-4786 has a 10.0 CVSS base score and was discovered and privately reported by Eetu Luodemaa and Joni Vähämäki of Documill, working with the Chromium Security Rewards Program.

MS12-080 security update, classified as Critical, allowing remote code execution, is fixing three vulnerabilities. CVE-2012-3214 has a 2.1 CVSS base score and is associated with Oracle Outside In Technology component fixed in Oracle October 2012 CPU. CVE-2012-3217 has a 2.1 CVSS base score and is associated with Oracle Outside In Technology component fixed in Oracle October 2012 CPU. CVE-2012-4791 has a 3.5 CVSS base score and was discovered and privately reported by unknown security researcher.

MS12-083 security update, classified as Important, allowing security feature bypass, is fixing one vulnerability.CVE-2012-2549 has a 6.8 CVSS base score and was discovered and privately reported by an anonymous security researcher.